Linux infection proves Windows malware monopoly is over

Amedee Van Gasse (ub) amedee-ubuntu at amedee.be
Tue Jun 15 11:56:02 BST 2010


On Tue, June 15, 2010 07:33, David Sanders wrote:

> 1 - On most distributions of Linux the effects of this attack would
> mostly be mitigated by SELinux
> (http://en.wikipedia.org/wiki/Security-Enhanced_Linux) which is
> included by default on Red-Hat and Ubuntu - the two most popular
> distributions. It would NOT allow an attacker "full-control" as you
> incorrectly state.

The vulnerability was in Gentoo, a hack-it-yourself distribution with a
certain reputation (yes, I have used it in the past).
Has this vulnerability actually been reported in Ubuntu or Red Hat? No.
The article explicitly states that the upstream file is unaffected. This
vulnerability does not concern Linux in general; it only concerns Gentoo
Linux. Gentoo should revise its security policies and its internal
procedures for uploading packages to its repositories.

A second note: when people run a server, it is recommended to run
public-facing services in a chroot. If the service gets compromised, only
that particular service is affected.

> 2 - Can you explain your comment that "Again, that’s right. A similarly
> infected Windows file in the wild would be detected within days if not
> hours after a routine virus scan by someone checking the download
> before installing it."
>
> This is just plain wrong - how would it be checking for a virus that
> no-one is aware of the existence of? I don't think you really
> understand how virus-checkers work.
>
> Please "get the facts" before posting - you are in a position of
> popular consumption and people might think you know what you're
> talking about.

About "get the facts"... I was actually waiting for somebody to drop the
word "virus" for the first time. This was not a virus. Viruses spread
autonomously. This was a trojan, or backdoor, or a carefully crafted
package that was manually uploaded to a repository server by an attacker.

This can happen on Ubuntu too if people carelessly add repositories from
untrusted sources. How much trust do you have in any random Launchpad PPA?
Think about it...

-- 
Amedee



